{"id":"USN-8540-1","summary":"openvpn vulnerabilities","details":"It was discovered that OpenVPN had a 1-byte buffer overrun when handling\nNTLMv2 proxy responses. An attacker could use this issue to cause a denial\nof service or possibly execute arbitrary code. This issue only affected\nUbuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-11771)\n\nIt was discovered that OpenVPN incorrectly handled metadata when extracting\ntls-crypt-v2 client keys. An attacker could possibly use this issue to\nobtain sensitive information. (CVE-2026-12932)\n\nIt was discovered that OpenVPN had a use-after-free in the ack_write_buf\nhandling. An attacker could use this issue to cause OpenVPN to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2026-12996)\n\nIt was discovered that OpenVPN had a use-after-free in the tls_wrap_reneg\nhandling. An attacker could use this issue to cause OpenVPN to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-13117)\n\nIt was discovered that OpenVPN incorrectly validated authentication tokens\nwhen external authentication was enabled. A remote attacker could possibly\nuse this issue to cause OpenVPN to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.\n(CVE-2026-13122)\n\nIt was discovered that OpenVPN had a memory leak when handling tls-crypt-v2\nclient keys. A remote attacker with a valid tls-crypt-v2 client key could\npossibly use this issue to cause OpenVPN to consume excessive resources,\nleading to a denial of service. (CVE-2026-13698)","modified":"2026-07-14T23:44:43.636224100Z","published":"2026-07-14T15:40:18Z","related":["UBUNTU-CVE-2026-11771","UBUNTU-CVE-2026-12932","UBUNTU-CVE-2026-12996","UBUNTU-CVE-2026-13117","UBUNTU-CVE-2026-13122","UBUNTU-CVE-2026-13698"],"upstream":["CVE-2026-11771","CVE-2026-12932","CVE-2026-12996","CVE-2026-13117","CVE-2026-13122","CVE-2026-13698","UBUNTU-CVE-2026-11771","UBUNTU-CVE-2026-12932","UBUNTU-CVE-2026-12996","UBUNTU-CVE-2026-13117","UBUNTU-CVE-2026-13122","UBUNTU-CVE-2026-13698"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8540-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-11771"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-12932"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-12996"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-13117"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-13122"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-13698"}],"affected":[{"package":{"name":"openvpn","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/openvpn?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.11-0ubuntu0.22.04.4"}]}],"versions":["2.5.1-3ubuntu1","2.5.1-3ubuntu2","2.5.1-3ubuntu4","2.5.1-3ubuntu5","2.5.5-1ubuntu1","2.5.5-1ubuntu3","2.5.5-1ubuntu3.1","2.5.9-0ubuntu0.22.04.2","2.5.9-0ubuntu0.22.04.3","2.5.11-0ubuntu0.22.04.1","2.5.11-0ubuntu0.22.04.3"],"ecosystem_specific":{"binaries":[{"binary_version":"2.5.11-0ubuntu0.22.04.4","binary_name":"openvpn"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8540-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-12932"},{"id":"CVE-2026-12996","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-13698","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"openvpn","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/openvpn?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.19-0ubuntu0.24.04.3"}]}],"versions":["2.6.5-0ubuntu1","2.6.7-1ubuntu1","2.6.9-1ubuntu2","2.6.9-1ubuntu3","2.6.9-1ubuntu4","2.6.9-1ubuntu4.1","2.6.12-0ubuntu0.24.04.1","2.6.12-0ubuntu0.24.04.3","2.6.14-0ubuntu0.24.04.1","2.6.14-0ubuntu0.24.04.2","2.6.14-0ubuntu0.24.04.3","2.6.19-0ubuntu0.24.04.1","2.6.19-0ubuntu0.24.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.6.19-0ubuntu0.24.04.3","binary_name":"openvpn"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"id":"CVE-2026-11771","severity":[{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-12932"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-12996"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-13117"},{"id":"CVE-2026-13122","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-13698","severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8540-1.json"}},{"package":{"name":"openvpn","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/openvpn?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0-1ubuntu1.2"}]}],"versions":["2.6.14-2ubuntu1","2.6.15-1ubuntu1","2.7.0~rc5-1ubuntu5","2.7.0~rc6-1ubuntu1","2.7.0-1ubuntu1","2.7.0-1ubuntu1.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"openvpn","binary_version":"2.7.0-1ubuntu1.2"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-11771","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-12932","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-12996","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-13117","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-13122","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-13698","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:26.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8540-1.json"}}],"schema_version":"1.7.5"}